The scan database (`db_tests`) is a comma-delimited (CSV) file which contains most of the tests. Fields are enclosed by quotes and separated by commas. The field order is:

**ID, References, Tuning, URI, Method, DSL, Message, Data, Headers**

**Field Descriptions:**

- **ID** - Unique test identifier (e.g., "000120")
- **References** - CVE IDs, URLs, or other references (replaces old OSVDB-ID field)
- **Tuning** - Tuning category number (see Scan-Tuning.md)
- **URI** - The URI/path to test (supports variable expansion like @CGIDIRS, @LFI(), etc.)
- **Method** - HTTP method (GET, POST, etc.)
- **DSL** - Domain-Specific Language matcher for response matching (replaces old Match 1, Match 1 Or, Match 1 And, Fail fields)
- **Message** - Description of the finding
- **Data** - Optional HTTP request body/data
- **Headers** - Optional additional HTTP headers

**DSL Matcher:**

The DSL field uses a Domain-Specific Language for matching HTTP responses. See `/devdocs/DSL_GUIDE.md` for complete documentation.

Basic examples:

- `CODE:200` - Match HTTP 200 status
- `BODY:admin` - Match "admin" in response body
- `CODE:200&&BODY:admin` - Match 200 AND "admin" in body
- `(CODE:200|CODE:301)` - Match 200 OR 301
- `@LFI()` - Special function for LFI detection (expands to platform-specific matchers)

Here is an example test:

> "000120","https://example.com/ref","2","/manual/","GET","CODE:200","Web server manual","",""
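To check custom entries before adding them to `db_tests`, the following added example (not the scanner's own code) parses records in the nine-field order above and evaluates only the basic matcher forms listed on this page. The names `parse_db_tests` and `dsl_match`, the record "999001", the precedence of `&&` over `|`, and case-sensitive `BODY:` matching are assumptions; the full grammar is in the DSL guide.

```python
import csv
import io
import re

FIELDS = "id references tuning uri method dsl message data headers".split()
TOKEN = re.compile(r"\(|\)|&&|\||[^()&|]+")
# Constructed sample: the page's example record plus one made-up record.
SAMPLE = '''"000120","https://example.com/ref","2","/manual/","GET","CODE:200","Web server manual","",""
"999001","","2","/admin/","GET","(CODE:200|CODE:301)&&BODY:admin","Constructed entry","",""
'''

def parse_db_tests(text):
    """Parse quoted CSV records into dicts; reject rows without nine fields."""
    tests = []
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), 1):
        if not row:
            continue  # blank line
        if len(row) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected 9 fields, got {len(row)}")
        tests.append(dict(zip(FIELDS, row)))
    return tests

def dsl_match(dsl, code, body):
    """Evaluate CODE:, BODY:, &&, | and parentheses against one response."""
    tokens, pos = TOKEN.findall(dsl), 0
    def atom():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == "(":
            val = expr()
            pos += 1  # skip the closing ")"
            return val
        kind, _, arg = tok.partition(":")
        if kind == "CODE":
            return code == int(arg)
        if kind == "BODY":
            return arg in body  # assumption: case-sensitive substring
        raise ValueError(f"unsupported matcher: {tok}")
    def expr(op="|"):  # assumption: "&&" binds tighter than "|"
        nonlocal pos
        sub = (lambda: expr("&&")) if op == "|" else atom
        val = sub()
        while pos < len(tokens) and tokens[pos] == op:
            pos += 1
            nxt = sub()
            val = (val or nxt) if op == "|" else (val and nxt)
        return val
    return expr()
```

Matchers outside this subset, such as `@LFI()`, raise `ValueError` rather than being silently treated as a non-match.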